Some questions about pbx and gui.

VitalPBX Community Support General Discussion Some questions about pbx and gui.

Up
0
Down
  • Post
    lightvik
    Participant

    1) that product have irc channel?

    2)In vps script maybe need add:

    yum -y install NetworkManager

    systemctl enable NetworkManager  

    systemctl start NetworkManager  

    3) i have a trouble, i want use pbx in vps with chan-sip only (no pjsip) + tls only on 5061 port + srtp. how to do it? i try config via gui but have no idea how to do it.

    0
Viewing 14 replies - 1 through 14 (of 14 total)
  • Replies
    lightvik
    Participant

    So, i found a bug!

    when i use letsencrypt certificate it works well with webgui but not work when i use chan-sip tls.

    tcp 0 0 127.0.0.1:5063 0.0.0.0:* LISTEN 1369/asterisk
    tcp 0 0 127.0.0.1:5062 0.0.0.0:* LISTEN 1369/asterisk
    udp 0 0 0.0.0.0:5060 0.0.0.0:* 1369/asterisk
    udp 0 0 127.0.0.1:5062 0.0.0.0:* 1369/asterisk

    but if i use self-signed certificate it works well.

    tcp 0 0 127.0.0.1:5063 0.0.0.0:* LISTEN 1369/asterisk
    tcp 0 0 0.0.0.0:5061 0.0.0.0:* LISTEN 1369/asterisk
    tcp 0 0 127.0.0.1:5062 0.0.0.0:* LISTEN 1369/asterisk
    udp 4864 0 0.0.0.0:5060 0.0.0.0:* 1369/asterisk
    udp 0 0 127.0.0.1:5062 0.0.0.0:* 1369/asterisk

    0
    lightvik
    Participant

    not working config:

    tlscertfile=/usr/share/ombutel/certificates/pbx2.raven.kz/bundle.pem
    tlscafile=/usr/share/ombutel/certificates/pbx2.raven.kz/chain.pem

    working config(self-signed) :

    tlscertfile=/usr/share/ombutel/certificates/pbx.raven.kz.pem
    tlscafile=/usr/share/ombutel/certificates/ca.crt

     

    0

    Thanks For reporting it, we will check it.

    0
    jrosetto
    Participant

    @ing-joserivera26

    DId you ever get anywhere with this.  I would like to use TLS with letsencrypt but after generating the cert the PBX isn’t listening on 5063 anymore for PJSIP TLS.  5062 is unaffected.

     

    0

    You must create a new PJSIP profile that uses as transport TLS.

    0
    jrosetto
    Participant

    @ing-joserivera26

    Created the profile PJSIP and enabled TLS but running ‘lsof -i -P -n | grep 5063’ still comes up blank.  Anything else I need to do?

     

    0

    Assign the certificate on PJSIP settings, select the SSL Method.

    After this, go to the Asterisk console, and reload the PJSIP driver, and check if the output returns any error or warning.

    module reload res_pjsip.so
    0
    jrosetto
    Participant

    @ing-joserivera26

    Getting closer…  Here are the errors

    [2020-03-06 11:35:39] ERROR[9044]: config_options.c:798 aco_process_var: Error parsing method=tlsv3 at line 49 of /etc/asterisk/ombutel/pjsip__20-transport.conf
    [2020-03-06 11:35:39] ERROR[9044]: res_sorcery_config.c:407 sorcery_config_internal_load: Could not create an object of type ‘transport’ with id ‘transport-tls’ from configuration file ‘pjsip.conf’
    [2020-03-06 11:35:39] NOTICE[9044]: res_sorcery_config.c:418 sorcery_config_internal_load: Retaining existing configuration for object of type ‘transport’ with id ‘transport-tls’

    That line in the config is going to

    [transport-wss]

    It is listening at this point but I am unable to register over TLS.

     

    0

    What SSL Method do you have on the PJSIP Settings?

    0
    jrosetto
    Participant
    0

    try changing it to tlsv1

    0
    jrosetto
    Participant

    @ing-joserivera26

    That stopped the errors and I can register on the phone side.  But on the asterisk side the extension shows as unavailable.

     

    0

    Check the contact URI

    0
    jrosetto
    Participant

    @ing-joserivera26

    Ah I got it.  I had to change the profile to the new one I created on the extension.  Everything seems to be working as intended.  Thanks for your help.  I owe you one.

     

    0
Viewing 14 replies - 1 through 14 (of 14 total)
  • You must be logged in to reply to this topic.